Intuit Into It (PayCycle) for $170 Million

Intuit Buying PayCycle for $170 Million

Posted on: June 2nd, 2009 | PIN Payments News Blog

Intuit Inc. (Nasdaq: INTU) has agreed to acquire PayCycle Inc., a Palo Alto, Calif.-based provider of online payroll services, for approximately $170 million in cash. PayCycle had raised nearly $30 million in VC funding since 2000, from firms like August Capital, CCP Equity Partners, DCM, Irwin Ventures and Total Technology Ventures. PayCycle was advised on the sale by Raymond James & Associates.

PRESS RELEASE

Intuit Inc. (Nasdaq: INTU) has signed a definitive agreement to purchase PayCycle Inc., one of the nation’s fastest-growing online payroll services, serving more than 85,000 small businesses. The cash transaction is valued at approximately $170 million, subject to adjustment. Privately held PayCycle, based in Palo Alto, Calif., is a leader in online payroll for small businesses, accountants and financial institutions.

The acquisition will give small businesses access to one of the most innovative, easy-to-use and cost-effective online payroll solutions from one of the strongest and most trusted brands in financial management software. In addition, it will provide hundreds of thousands of accountants with the ability to easily and profitably offer services as stand-alone payroll providers for their small business customers.

Customer Value

“We’ll offer small businesses a range of low-cost, high-value alternatives to expensive payroll outsourcers and time-consuming, error-prone manual payroll methods,” said Nora Denzel, senior vice president and general manager of Intuit Employee Management Solutions. “In addition, the acquisition will enable Intuit to develop and deploy the next generation of online payroll tools more quickly.”

PayCycle chief executive Jim Heeger, a former Intuit chief financial officer, said the two companies’ strengths complement each other.

“We share a common vision: using the Internet to deliver a secure and easy-to-use payroll solution to small businesses,” said Heeger. “Like Intuit, our employees are proven innovators and industry thought-leaders who develop and deliver game-changing offerings that redefine traditional ways of doing things.”

Strategic Importance

The acquisition supports Intuit’s strategic goals in two ways.

First, it underscores the company’s connected services strategy, which is designed to give customers online access to its products and services. Today, Intuit derives more than half its total revenue from connected services offerings.

Expanding the online capability of its payroll offering advances Intuit’s move into the “software as a service” markets for small business. As a result, the company expects to accelerate the growth rate of its overall payroll business.

In addition, PayCycle’s partnerships with financial institutions are expected to extend Intuit’s ability to offer integrated payroll solutions to an even larger set of partners and deliver a simple payroll solution to a greater number of small businesses.

Terms and Conditions

The transaction is expected to close during the third quarter of calendar year 2009 and is subject to regulatory review and other customary closing conditions. Intuit expects the acquisition to reduce its GAAP earnings by approximately 2 cents per share in the fourth quarter of fiscal year 2009. Intuit does not expect the acquisition to have a material effect on fiscal year 2010 earnings. After the transaction is complete, PayCycle will become part of Intuit’s small business group. PayCycle CEO Heeger will serve as a strategic advisor to Intuit for six months to help ensure a smooth integration of the two companies.

About Intuit Inc.

Intuit Inc. is a leading provider of business and financial management solutions for small and mid-sized businesses; financial institutions, including banks and credit unions; consumers and accounting professionals. Its flagship products and services, including QuickBooks®, Quicken® and TurboTax®, simplify small business management and payroll processing, personal finance, and tax preparation and filing. ProSeries® and Lacerte® are Intuit’s leading tax preparation offerings for professional accountants. The company’s financial institutions division, anchored by Digital Insight, provides on-demand banking services to help banks and credit unions serve businesses and consumers with innovative solutions.

Founded in 1983, Intuit had annual revenue of $3.1 billion in its fiscal year 2008. The company has approximately 8,000 employees with major offices in the United States, Canada, the United Kingdom, India and other locations. More information can be found at www.intuit.com.

About PayCycle

PayCycle is America’s No. 1 online payroll service, serving more than 85,000 small businesses. PayCycle provides an easy-to-use, innovative, efficient service for small businesses, backed by outstanding customer support. PayCycle also powers payroll services for leading financial institutions including Capital One and PNC Bank, and provides client payroll services through many of the nation’s accounting professionals. The PayCycle® service integrates with leading accounting programs, such as QuickBooks®, Quicken®, Peachtree® and Microsoft® Money. PayCycle’s unique “Do-It-With-YouSM” (DIWYSM) technology platform guides customers through the entire payroll process from paycheck to W-2 forms. PayCycle also holds PC Magazine’s highest editorial honor for small business payroll, the PC Magazine Editors’ Choice Award. Visit www.paycycle.com for a free trial of the service.

Intuit, PayCycle, PIN Payments News Blog, HomeATM

Security Top Concern for Online Bankers

Editor's Note: Had you not yet noticed, today is kindova "What's Wrong with Online Banking day" at the PIN Payments News Blog.

Today's theme is the lack of security attached to online banking and how easy it would be to fix it by adding the missing piece to the puzzle.

There's been so much news lately regarding phishing, XSS attacks, what-have-you, that it will be easy to populate this blog with stories that are no older than 3 days old... stories which "clearly" evoke the message that it's time we start doing things differently.

There will be several posts today concerning online banking.  


Here's one from the Beijing Morning Post. 

ITWeb :Security top concern for online bankers

The Beijing Morning Post in conjunction with iResearch, recently conducted a survey on consumer attitude toward the use of online payments, says People's Daily.

The survey result shows security is still the main factor that netizens take into consideration when making online payments, with 66.3% of all users surveyed considering security the most important thing when it comes to the use of online banking.

The survey indicates that 79.2% of participants currently use online banking services, while 8.46% used online banking services in the past but no longer do. 


American Banker Reports the following:

Related articles

• Nothing Phishy About PCI 2.0 Certified "Card Present 2FA" (pindebit.blogspot.com)
• Torpig: "One of the Most Advanced Pieces of Crimeware ever Created".' (pindebit.blogspot.com)
• BofA Targeted by Malicious Code Phishing Attack (pindebit.blogspot.com)

Fraud Standing Firmly in the Way of Online Banking

In my ongoing onslaught of recent stories about the lack of security involved with online banking, and the repercussions of such, I bring you this story from yesterday's Crains Manchester. 

BTW:  This is just the beginning of the fallout.  It will get worse and more people and more businesses will pull back from online banking because of security fears.  Just read today's postings if you disagree.  Or at least read between the lines. 

There's only one way to secure financial transactions and that is outside the browser space. 

It's what we at HomeATM do.  We're the FIRST and ONLY company in this whole wide World to design, patent and manufacture a World Wide Web PCI 2.0 Certified PIN Entry Device.

More Good News for Financial Institutions: We've got our cost down to the point whereby you could "give it away."  The ROI could be as little as 30 days.   Want to find out more?  I'd be happy to show you how our device can not only provide ehance login security with 2FA, but also enable your online banking customers to securely pay their bills, transfer money, and make secure E2E 3DES Encrypted, Protected by DUKPT e-commerce transactions. 

Find out more here

 

Fraud fear turns firms off online banking - Crain's Manchester Business

Fraud fear turns firms off online banking
By Michael Fahy

Greater Manchester's businesses are rejecting online business banking because of the risks involved, according to accountancy firm Saffery Champness.

The firm said the risk of online banking fraud, which increased by 132 per cent last year to £52.2m according to industry association Apacs, is putting SMEs off from using online account facilities, despite being encouraged to do so by the high street clearing banks.

“Bosses are suspicious of online banking because this key control is often unwittingly removed when access to online facilities is delegated to another person,” said Simon Kite, a partner in the Manchester office of accountancy firm Saffery Champness.

“The shocking thing is that banks will only compensate a business for losses if the directors can show the bank has been negligent with its online banking facility.

Related articles

• HomeATM at FinovateStartup09 Today (pindebit.blogspot.com)
• New Standard for Encrypting Card Data in the Works - HomeATM Already Done (pindebit.blogspot.com)
• 3DES, DUKPT & E2EE Explained (information-security-resources.com)

Down Goes HSBC - ATM & Online Banking Systems Fail

HSBC has launched an investigation after systems failed at the weekend leaving customers unable to withdraw cash from ATMs. Online banking was also down.

"HSBC would like to apologize to those customers that were affected by issues relating to its ATM network over the weekend. A full investigation is currently underway to establish the main cause of the problem," said HSBC.

One reader said when he tried to withdraw money from a Lloyds ATM he was greeted with the message "Unable to perform this function, please contact your card holder."

When he contacted NatWest he was told he had exceeded his daily card limit.  Fearing he had been defrauded he tried unsuccessfully to go online. He telephoned HSBC and was told all HSBC UK customers were unable to access their funds electronically and that it was working to fix the problem.

HSBC said the investigation could take several weeks.

Continue Reading at ComputerWeekly.com

HSBC, atm failure, online bank failure

Something Phishy About Not Using PCI Certified 2.0 2FA for Online Banking

Something Phishy About Bank's Not Using 2FA from HomeATM

Researchshows that most online banking sites have inbuilt flaws which couldpotentially put valuable customer data into the wrong hands.

Now there is a way (since March 17th, 2009) to vastly increase the security of online banking. 

HomeATMengineered AND manufactures the world's FIRST and ONLY PIN Entry Devicesolely designed for online authentication and eCommerce to achieve PCI2.0 certification.  What that means is:

Banks now have achoice.  They can use what many consider to be a very obsoleteUserName/Password login OR they can provide a methodology which safelyand securely authenticates their online banking customers withtwo-factor authentication. 

Logging on to a bank's online banking site is now quick/convenient and easy. 

Bank customers would simply swipe their bankcard through HomeATM's SafeTPIN device and enter their bank assigned PIN. 

HomeATMis proud to introduce the security of "True" 2FA (two-factorauthentication) to the online banking community AND provide the impetusfor banks to procure more online banking customers via the allure ofthe most secure online banking platform in the industry.

I don'tmean to oversimplify how easy it would be for a financial institutionto implement "True 2FA" with HomeATM's device, but it's unavoidable.

To keep it short, I'll provide but one recent fact from Gartner Research:

• Phishing attacks are costly:

According to research firm,Gartner, banks, online payment organizations and other financialinstitutions are bearing most of the financial cost of phishingattacks.  (A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.) 

The average loss was $350 per phishing attack, but consumers said they had recovered 56% of their losses from the financial institutions involved.  (That's $196 to the banks and $154 to the consumers)  "The findings underline the fact that the war against phishing is far from over," said Avivah Litan, analyst at Gartner.  (Yes, the very same Avivah Litan who says "never" enter your PIN on the Internet unless it's hardware based)

Guess what?  The HomeATM "SafeTPIN" device would not only eliminate "phishing attacks" but it would also eliminate the threat of "cloned cards," "cloned bank sites", AND provide "True 2FA." for online banking customers. 

Additional benefits include empowering online banking customers with the ability to perform:

• Person to Person Money Transfers,
• Bill Payment Online (with "True PIN" vs. PINless Debit)
• Secure online transactions with online retailers.

As I said, I don't mean tooversimplify WHY they banks should investigate our solution further,but sometimes the simplest things in life are the best...aren't they?

In closing out this week's edition of the PIN Payments News Blog, 'll state one more "food for thought" item. 

According to a trustworthy source, Bank of America spent $129 Million on PCI DSS compliance last year. 

Now I'm not saying that our SafeTPIN device would eliminate the entire cost of PCI DSS compliance, BUT...on account of how we are "already" PCI 2.0 PED certified, any bank that utilizes our device for "True Two Factor Authentication" during the log-in process, would effectively be removed from the scope of PCI DSS requirements. 

• at least for their online banking application
• and Bill Pay
• and online eCommerce Transactions
• and Money Transfers

So...to anybody out there that knows some high level banking executives...pop me an email and let's talk. 

I'll make you some serious money, save the bank's some serious money, enhance the banks' image AND provide consumers with the peace of mind knowing that their financial information is secure!. 

Consumers fear financial security threats more than the threat of a terrorist attack (see graph on left)  

Here's a quote from:  Convenience or Security?  How About BOTH?

American's "DEFINITELY" want security.

Infact American's worry more about credit and debit card fraud than theydo about a terrorist attack...according to a new report from Unisys.  

Oh...andin quantity, our device costs about 10% of what it currently costsbanks and consumers for each "phishing incident."  Simple...ain't it?

online banking, security, 2FA, two-factor authentication, HomeATM, Banks, Financial Institutions, Terrorist Attack, Phishing, Hack, Fraud, Bill Pay, login, SafeTPIN, PIN Debit

Nothing Phishy About PCI 2.0 Certified Cardholder Present 2FA!

Nothing Phishy About PCI 2.0 Certified "Card Present 2FA"

Attn: Banking Institutions:  The phishing problem can be immediately solved with "Card Present" Two Factor Authentication.  And two of the steps are already in place.

1: Bank issues Card, 

2. Bank Issues PIN, 

3. Bank Issues HomeATM's iSwipe. ($12.00...less in quantity) 

A: Customer Swipes Card

B: Customer Enters PIN. 
C: Log-in authenticated, phishing problem solved. 

Description:
The growing popularity and success of Internet banking has brought on unprecedented attacks from gangs of well organized cybercriminals, according to AIB today.

For example, the number of phishing attacks on AIB in April 2009 surpassed the total number experienced in the whole of 2008, it said.

Online banking is growing in Ireland with AIB's Internet Banking service showing continued growth with over 570,000 customers (up 18pc) now regularly banking online. The number of transactions completed online also continues to grow strongly (up 27pc) in 2008.

HomeATM eliminates phishing attacks completelybecause the user MUST authenticate themselves by 1. swiping their bankissued card and 2. entering their bank issued PIN.  So even if thephisher obtained the Primary Account Number (PAN) and the Personal Identification Number(PIN) they would still be unable to log-in without physically swipingthe card.  (Editor's Note:  It is highly unlikely anyone could obtainboth the PAN and the PIN, I just use that to demonstrate how secure our2FA log-in is.  It's not only two-factor-authentication,it's "card present" 2FA.  What the world needs now is "Card Present ina Card Not Present World."  It really is that simple.  See "Something Phishy About Bank's not Using Card Present 2FA"

Online Banking Phishing Scams (since Saturday)

Here's just a small (and recent) sampling of some of the Phishing Attacks experienced by Online Banking Customers, all of which could be solved by HomeATM's PCI 2.0 Certified PIN Entry Device...  (links provided by millersmiles.co.uk)



 Phishing Scam Target: Veneto Banca Italy Customers
21 reports:

Commonwealth Bank of Australia	30th May 2009
Urgent Notification
"As part of our security measures, we regularly screen activity in Commonwealth Bank Australia system."
Cahoot Bank	30th May 2009
Cahoot Internet Banking Security Information
"Toensure you are always protected, we are introducing a new programme onsecurity called BankSecure-cfx-09 and you'll see a number ofinitiatives that will be put in place to enhance your Internet bankingexperience."
Cahoot Bank	30th May 2009
FRAUD VERIFICATION PROCESS - It's All About Your Savings
"DearCustomer, We are Using this medium to Notify you of the ongoing OnlineFraud on our Website, You might not always be aware of it, but we spenda lot of time in the background making sure you're safe."
Commonwealth Bank of Australia	31st May 2009
Important message from the Commonwealth Bank!
"Werecorded a payment request from "Internet Friends Network -iFriends.net-Girls Show" to enable the charge of AU$317 on your account."
Egg Bank	31st May 2009
You Have One Unread Message On Your Online Banking Account
"LOGON"
Bank of America	31st May 2009
Bank of America Alert: Important Message Alert!
"Due to the high number of fraud attempts and phishing scams, it has been decided to implement EVSSL Certification on our Internet Banking website."
Commonwealth Bank of Australia	31st May 2009
Customer Satisfaction Survey.
"Congratulations!"
PayPal	31st May 2009
Paypal Member Notification
"Security Center Advisory!"
Cahoot Bank	31st May 2009
Cahoot Bank-Your Account Is Temporarily Suspended
"Cahoot Bank temporarily suspend your account."
Alliance and leicester Bank	1st June 2009
2009 Alliance and leicester CUSTOMER SERVICE MESSAGE
"To access your Alliance and Leicester personalized Secure Messages Center, click on the link below:"
Alliance & Leicester	1st June 2009
IMPORTANT ANNOUNCEMENT
"We are excited to announce that…"
Egg Bank	1st June 2009
Online Security Update
"This is an important email alert ."
CIBC	1st June 2009
Notification
"We offer you secure access to your online banking and investment accounts."
Lloyds TSB Bank	1st June 2009
Your Online Banking Service Could Be Suspended.
"Whileperforming customers account maintenance and verification procedures,we have detected a slight error in your account information."
PayPal	1st June 2009
PayPal Email ID PP4896
"Your account has expired."
Alliance and Leicester Bank	2nd June 2009
Customer Notice: Your Account Security.
"Our Maintenance Division is carrying out a scheduled Direct and Digital Banking Service on all account for your security purposes."
Egg	2nd June 2009
Egg Card Security Message
"It has come to our attention that your Egg Card needs to be updated as part of our continuing commitment toprotect your online card in this year 2009 and to reduce the instance of Fraud on our website."
Abbey	2nd June 2009
IMPORTANT SECURITY NOTICE - Together We are Stronger
"Online Security Services:"
Commonwealth Bank of Australia	2nd June 2009
You have one unread message
"You have one unread message from NetBank"
Bank of America	2nd June 2009
Digital Certificate Updating Procedure
"Bank of America Direct Digital Certificate Updating Procedure"
AOL	2nd June 2009
Important: Billing Confirmation 331858*
"If you could please take 5-10 minutes out of your onlineexperience and update your personal billing records so you will not run intoany future problems with the online service."

To see the Top 100 Phishing Scams from May 15-30th, click here
 

Related articles by Zemanta

• BofA Targeted by Malicious Code Phishing Attack (pindebit.blogspot.com)
• Nothing Phishy About PCI 2.0 Certified "Card Present 2FA" (pindebit.blogspot.com)
• Torpig: "One of the Most Advanced Pieces of Crimeware ever Created".' (pindebit.blogspot.com)

Latest Trojan Steals Login Before Bank Website Can Encrypt

Editor's Note:  Look what came across my desk AFTER I decided to dedicate a day to the perils of online banking!  I've said all morning, Don't Type, Swipe, but naysayers are like, "C'mon, if it wasn't safe, then why would they be doing it that way?  To which my reply is a chuckle.  Because it's convenient!  That's why. 

May I humbly suggest, I'm Right, they're Wrong, and everyday there's more evidence that the missing piece to the puzzle is HomeATM.

The Latest Incarnation (Trojan) Can Steal Internet Banking Login Information Before the Bank's Website Can Encrypt It.

Editor's Note:  Yeah, because you let your customer "type" in their login information. If your customers "don't type" the hackers "can't swipe."  Fortunately, your customers can.  An exponentially better approach to authenticated log-in.  "Swipe" the "bank issued" bankcard, and then securely enter the "bank issued" PIN.  The cardholder data is instantaneously "encrypted" (meaning it's never in the clear) so the hacker can't get to it "before" it's encrypted.  With HomeATM you are in the clear, because your data never is.  Today's theme... "onliine banking is so weak it's time they showed the strength to admit they were wrong" continues...

June 2, 2009

Trojans target online banking

By Tan Weizhen

THE big Singaporel banks - DBS, OCBC and UOB - have once again beentargeted by the latest trojan horse computer program, which trickscustomers into revealing their Internet banking passwords.
Late last month, banks were alerted to the trojan, which could gain scammers access to customers' accounts.
UOB Bank warned on its website that scammers may be able to'make unauthorized funds transfers within a short period of time.'

DBS Bank had reportedly more than a million Internet bankingcustomers as of last month. The other two banks declined to reveal howmany they had.

The three banks last came under attack by trojans - computerprograms infiltrating users' computers - in December, but this latestincarnation can steal Internet banking login information even beforethe bank's website can encrypt it. 

Continue Reading

Related articles

• Nothing Phishy About PCI 2.0 Certified "Card Present 2FA" (pindebit.blogspot.com)
• Torpig: "One of the Most Advanced Pieces of Crimeware ever Created".' (pindebit.blogspot.com)
• IBM Agrees with HomeATM...Hardware Required (pindebit.blogspot.com)
• HomeATM Prevents Cloned Bank Site Threat! (pindebit.blogspot.com)
• BofA Targeted by Malicious Code Phishing Attack (pindebit.blogspot.com)

28% of Chinese Consumers Reduced Online Banking on Security Fears

Study: Fearful Chinese Cut Online Banking

Cardline Global  |  Tuesday, June 2, 2009

Nearly28% of Chinese consumers have reduced their online banking and paymentactivities over fears that their personal information could becompromised, according to a report last month by iResearch Consulting Group.

TheBeijing research company found that 63% of consumers said they arebeing more careful about using the Internet for financial activitiesand 3% said they no longer do any banking or shopping online.

However, 18% of respondents said phishing activities and other online scams have had little impact on their financial habits.  The research firm surveyed 2,328 consumers in March.

Related articles

• BofA Targeted by Malicious Code Phishing Attack (pindebit.blogspot.com)
• Nothing Phishy About PCI 2.0 Certified "Card Present 2FA" (pindebit.blogspot.com)
• Torpig: "One of the Most Advanced Pieces of Crimeware ever Created".' (pindebit.blogspot.com)

Costin: Online Banking Needs More Defense Against Phishing

Kaspersky - e-banking Needs More Defense against Phishing Attacks - SPAMfighter

Chief Security Expert of Kaspersky Lab EEMEA, Costin Raju, claims that out of the thousands of Trojans discovered by Kaspersky Lab daily, 1/3rd attack e-banking.

Costin further adds that banks should provide more protection to their customers against these Trojans.  (Editor's Note:  I would further add the it's "Costin" the banks $350 per phishing attack)

At the ITWeb Security Summit held in Midrand (South Africa) on May 26, 2009, Raju states that malware has tremendously augmented for the last few years, causing a severe trouble as security firms could not raise the number of analysts.

Despite the fact that banks worldwide are coping with the economic slowdown, Raju says that this is not the time for them (banks) to reduce their security resources regardless of gloomy economic forecasts and cash flow issues. He says that though security expenses have minimized, online financial dealings are not reducing.

Banks have lessened their physical security expenses in today's economic slowdown time and it alarms Raju that online security will also follow the same trend. IT security estimates between 5% and 12% of the whole IT spend. As the IT expenditure comes down, security also suffers along with everything else.


The closure of many international financial institutions has also aggravated the trouble and carried it with a latest ambush of phishing attacks. Raju states that customers, who are unsure about whether their
funds invested in one of these institutions will be paid back or not, are prone to become victims of these phishing attacks. These customers are more likely to reply to phishing mails claiming they will not get
their money back if they do not furnish their online information within 1 day.

Some other security experts also acknowledge that this is one of the methods hackers use to make money. They employ malware to trace passwords typed through a keyboard, phish for private account details and finally redirect online banking customers to fake sites made to gather login and password information.


Further, Trojans also employ screenshots, taking each mouse click on the virtual secure keyboard. (oops, does that mean that a "floating PIN Pad" which uses "mouse clicks" is not* safe?) * denotes sarcasm

Hence, Raju recommends that banks should be frank with their customers and not only accept them (attacks) but also provide suggestions and guidelines to curtail these dangers.

Editor's Note:  Let me "B. Frank" with the online banking community.  If your customers "don't type" the fraudsters "can't swipe."  The only one's doing the "swiping" will be your customers, and that's okay!  Because when "they" swipe, the data is never in the clear.

End Result?  HomeATM eliminates phishing, eliminates the threat of "fake sites" (or official looking sites) and your customers are in the clear...not their card data.  Got IT?

don't type, swipe" online banking, Kapersky,

Related articles

• Torpig: "One of the Most Advanced Pieces of Crimeware ever Created".' (pindebit.blogspot.com)
• Nothing Phishy About PCI 2.0 Certified "Card Present 2FA" (pindebit.blogspot.com)
• IBM Agrees with HomeATM...Hardware Required (pindebit.blogspot.com)
• Broken Browsers Part Two (dreamhost.com)

Clearly Puzzlin' Evidence

CommBank cops sustained online fraud attack - Security - Technology - smh.com.au

Asher Moses
June 2, 2009 - 3:25PM

Commonwealth Bank customers are being inundated with phishing attacks, some at a rate of several scam emails a day, sent by cyber criminals seeking to steal passwords and credit card details.

The scammers, who are specifically targeting the bank in a sustained assault, are bombarding customers with several clever variations of the email ruse - such as using bogus call centres - in an attempt to hook even tech-savvy web users.

The emails have largely managed to evade spam filters using methods such as images instead of text.

Commonwealth Bank spokesman Steve Batten said the bank was working closely with the Australian Federal Police's Australian High Tech Crime Centre to track down the scammers. However, the bank appears to be losing the war.  

"As soon as we close them down they are opening up elsewhere," Batten said.

This is backed up by figures from the Australian Payments Clearing Association, which reported a 33 per cent increase in both the volume and value of fraudulent online payments in Australia for the year ended December 31, 2008.

The scam emails, which look authentic and include the Commonwealth Bank's logo, try to trick the victim into handing over sensitive information by telling them they need to unlock an account, activate a card, claim a fee refund, update internet banking details, view an important security message or complete a survey in exchange for payment.

When the victim clicks on the link in the email, they are either infected with a password-stealing virus or presented with an official-looking page that asks them to enter their details, which are then harvested by the fraudsters.

Continue Reading

Editor's Note:  An "Official Looking" page is officially "USELESS" if banks "required" their customers to "Swipe" their "bank issued" card and Enter the "bank issued" PIN.

Banks wouldn't be "losing the war" they would be closing down the "Phisheries." 

With HomeATM's PCI 2.0 Certified PIN Entry Device, the card holder data is NEVER in the clear. 

End Result:  Our SwipePIN device eliminates the threat of "phishing" it eliminates the threat of a "cloned website"  (i.e. "official looking page") and it enhances security for online banking with 2FA, 3DES E2E Encryption protected by DUKPT. 

I'm relatively "puzzled" as to banks don't see this as clearly as hackers see cardholder data.

Commonwealth Bank, PCI 2.0, Phishing attacks

XSS Hits Barclays & HSBC

Plague of web bugs descend on British sites • The Register

Plague of web bugs descend on British sites:  HSBC & Barclays bitten

Dan Goodin reports from in San Francisco

It's been a busy week for high-profile web vulnerabilities, with discoveries of careless bugs on the sites of three British companies.

Online banking sites for HSBC and Barclays Group and the website for The Telegraph were caught with their pants down, as hackers published screenshots and other details that showed all three were susceptible to attacks that could compromise the security of people who visit the properties.

The XSS, or cross-site scripting, errors on HSBC were still present on a variety of HSBC sites on Monday afternoon California time, some 48 hours after the XSSed blog first reported them. The bugs allowed attackers to inject javascript and content into HSBC websites simply by tricking a user into clicking on a specially manipulated web address.

"Malicious people can exploit these bugs to conduct phishing attacks and infect bank customers and site visitors with crimeware," the blog warned.

Continue Reading at The Register UK

Barclays, HSBC, web security, malicious code, crimeware, cross-site scripting, XSS

NYCE, PULSE, ACCEL EXCHANGE, STAR, EFT NETWORKS, ACCULYNK, HOMEATM, PIN Debit, Hardware vs. Software, PIN vs. SIG

Canadian Payment Processor Screws Online Gambling Websites

Payment Processor Screws Online Gambling Websites | Gambling911.com

There is outrage in Costa Rica after a Canadian-based payment processor has reportedly screwed over a dozen online gambling sites out of millions of dollars. 

Many of the Costa Rican based Internet gambling businesses were utilizing Smart Banking Systems (SBS), represented by one Ben Waldman. (Editor's Note:  I assume that it not the same Ben Waldman and SBS (Small Business Stick) who works at Microsoft)

"(Ben) Waldman provided the platform for another individual to screw everyone down here and their mother," said one angry operator. "He went through the whole crowd (of Costa Rican-based operators), then disappeared."

Smart Banking Systems bills itself as "Tomorrow's ATM and Credit Card Processing Technology Today"  They claim to be an independent sales organization/merchant service provider involved in the placement of Automated Teller Machines (ATM's) in retail locations and in the processing of Merchant Point of Sale Card Transactions (Visa, MasterCard, Amex, Discover).

"I am owed several hundred thousand dollars from this scumbag," said one operator, who wished not to be identified. Two other operators have notified Gambling911.com of the business practices of Waldman, Chris Connor (an alias) and Smart Banking Systems.

"Please get the message out about these pariahs. Everyone reads Gambling911.com and needs to know."

Since passage of the Unlawful Internet Gaming Enforcement Act (UIGEA), the online gambling sector has had a tough time finding "reliable" processing companies in which to conduct business with.

Christopher Costigan, Gambling911.com Publisher

SBS, Smart Banking Systems, Costa Rica, online gambling, payment processor, Gambling Websites, Gambling911.com

Related articles by Zemanta

• Barney Frank and Internet Gambling (pindebit.blogspot.com)

Alipay Up to 185 Million Registered Users

JLM Pacific Epoch - Alipay Breaks 180M Registered User Mark

Alipay Breaks 180M Registered User Mark

Alibaba Group's online payment subsidiary Alipay has recorded 185 million registered users, and its total transactions exceed more than RMB 700 million per day, reports 163.com quoting Alipay President Shao Xiaofeng on Wednesday. Alipay had recorded 150 million registered users, including 460,000 corporate users, by end of February.

Abu Dhabi Expects to Double Online Revenues by End of Year

Abu Dhabi government expects 35% of commercial transactions to be made online by 2012

The Abu Dhabi government estimates that its commercial transactions conducted online are to climb from 9 percent in 2009 to 35 percent in 2012, the online publication business24-7.ae reports.

Abu Dhabi is looking at doubling its online revenues to more than Dh40 million by the end of this year as the UAE capital embarks on a more aggressive marketing campaign, a senior government official said.

The Abu Dhabi Government aims that 35 per cent of its commercial transactions would be made via online by 2012. Currently, only nine per cent of the transactions are done via e-services.

"Last year, we had 9,000 transactions representing six per cent of the total commercial transactions. Although it's only six per cent we were nevertheless able to make Dh20m as income, which goes to the government," Abdalrhman Saif Al Khader, Head of Online Services Section at the Abu Dhabi Department of Economic Development told Emirates Business on the sidelines of the 15th GCC eGovernment and eServices
Forum.

He said the government is now looking at increasing the coverage to 14 per cent, which will in turn see more than Dh40m in revenues. Currently the coverage has risen to nine per cent from 6 per cent last year.

"The first two years are the most difficult, especially because most of the people are still not aware and some are
hesitant to use credit cards via online transactions. But we will meet the 35 per cent target by 2012," Al Khader said.

Source: http://www.business24-7.ae

Abu Dhabi, online transactions, double online eCommerce

HPY CEO to Speak at iapp Event

IAPP - International Association of Privacy Professionals - Carr gets to heart of it

Heartland Payment Systems CEO discusses breach, previews speech

Not a week had passed after the announcement of what some have described as the largest data breach ever, when the CEO of Heartland Payment Systems, Robert Carr, began calling for better industry cooperation and new efforts directed at preventing future breaches.

Recently, Carr announced that trials will begin late this summer on an end end-to-end encryption system Heartland is developing with technology partners. It is expected to be the first system of its kind in the U.S. The company is also pushing for an end-to-end encryption standard.

At the upcoming Practical Privacy Series in Silicon Valley, Carr will discuss the Heartland breach and the role industry, including privacy professionals, must play to prevent future breaches.

Here’s a preview:

IAPP: Many companies have experienced breaches. What made yours different?

Ours was different because we are a processor and had passed six years of PCI audits with no problems found. Yet, within days of the most recent audit, the damage had begun.

IAPP: Did you have a chief privacy office or a privacy professional on staff before your breach? Do you now?

Ironically, when we learned of the Hannaford’s breach, we hired a Chief Security Officer who started just three weeks before the breach began.

IAPP: In the era of mandatory breach reporting, what is the trajectory of consumer reaction?

As a processor it is difficult to really know this. Our customers are merchants who accept card payments.

IAPP: Do you think consumers will become numb to breach notices?

I believe that many are numb to so many intrusion notices.

IAPP: Are breach notices good public policy? Do the notices provide an incentive for companies to change or improve practices?

I don’t think so. Nobody wants to get breached and the damage caused by a breach is sufficient reason for most of us to do everything we can to prevent them.

IAPP: What has Heartland done differently since the breach?

We have added multiple layers of additional security, helped form the Payment Processors Information Sharing Council and ramped up our timetable to deploy the industry’s first TRSM encryption processing network.

IAPP: You will deliver a keynote at the IAPP Practical Privacy Series event in California next month. Can you give us a preview of your remarks?

I am going to discuss our breach and what we have done and are doing to help others prevent breaches to their own systems.

Heartland Breach, Bob Carr

PayLeap Introduces PayLeap.com

PayLeap, an innovative online payment processing service, introduces its newly redesigned website--PayLeap.com. The new site reflects the company's commitment to finding the best way to serve its clients.

(PRWEB) -- PayLeap, a new and innovative way to process payments online, would like to formally introduce its newly designed website, PayLeap.com. The company is dedicated to serving its potential and current clients with the highest level of support, and the new website was designed with that philosophy in mind. Its enhanced usability is a direct reflection of the quality of the PayLeap payment solution and the company's high standards for customer service.

On the new site, users will find an intuitive navigation and clear design. Visitors are immediately directed, through color, design and content, to their area that will serve their needs best. Merchants, resellers and developers each have a dedicated section, just to provide topical information regarding the benefits of the PayLeap solution for their use. Along with a new online presence, the company also introduces a new logo, slogan and brand identity, brought to the consumer to better represent the customer-oriented philosophy of the company.

PayLeap lowers overhead processing costs and simplifies integration and billing by bundling the merchant account and payment gateway for brick-and-mortar and online merchants. Priding itself on service, the PayLeap mission is to be an outstanding corporate citizen in the electronic payments industry. Transparency, simplicity and service are the core values of the innovative payment processor.

###

Trackback URL: http://www.prweb.com/pingpr.php/U3F1YS1GYWx1LUhvcnItTG92ZS1IYWxmLUNvdXAtWmVybw==

See the original story at: http://www.prweb.com/releases/2009/05/prweb2464724.htm

PayLeap

SAN JOSE, Calif. -- EBay Inc. isremaking its e-commerce marketplace to combat declining sales. In theprocess, it has pitted merchants such as Jack Sheng and Walt Kolendaagainst each other.

Mr. Sheng describes his company, eForCityCorp., as a "mini Wal-Mart." It buys electronics accessories from Chinaand sells 4.3 million of them each year to people looking for dealsonline. After eBay made it cheaper and easier to list products in largequantities for sale last year, his eBay sales in April were up 46% froma year before. The site's changes have "helped good sellers come ...

Related articles

• Pay(Me Later)Pal (pindebit.blogspot.com)

Top 6 Financial Services Fraud/Scams

BankInfoSecurity.com has published an article discussing the Top 6 Scams which Fraudsters utilize to attack Financial Institution customers:  To read the entire story, click here: Classic Fraud: 6 Scams That Don't Go Away

From Check Fraud to Phishing, All the Old Tricks are Back with a Vengeance
June 1, 2009 - Linda McGlasson, Managing Editor

Bank fraud has evolved over the last several years (See: Fraud Update: The 13 Hottest Schemes You Need to Prevent), but some classic variations keep financial institutions busy.

Here are six old fraud tricks that are back with new twists to bedevil fraud departments and information security professionals.

#1. Check Fraud

Since 1997, the number of fraud attempts against bank accounts has doubled every two years. Ever since the desktop publishing era began with color copiers and computer scanners, counterfeit checks have become harder to detect, which is reinforced in the number of checks the New York crime group spread among the various banks in the city over a two-year period. Banks routinely process more than 10 billion checks each year, says a 2007 Federal Reserve payments study.

#2. Elderly and Immigrant Identity Fraud
#3. ATM Fraud/Skimming

This type of fraud made it into President Barack Obama's speech announcing his cybersecurity initiative, when he said "thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world -- and they did it in just 30 minutes." The big question is: Can it happen at your institution? The answer is seen in the numbers from a Pulse EFT study (Pulse is one of the leading ATM/debit networks in the U.S.) -- the banking industry lost $662 million to debit card fraud in 2005. Of these losses, 60 percent resulted from ATM transactions, 37 percent from signature transactions, 37 percent from signature debit transactions and 3 percent from PIN point-of-sale (POS) transactions.

While the same Pulse study done in 2007 doesn't give a total loss due to debit card fraud, it does say that is higher than in 2005. Survey participants said they lost 5.40 basis points (0.054 percent) per dollar spent through signature debit transactions in 2007 and 1.09 basis points (.0109 percent) through PIN debit transactions. All of the 62 financial institutions surveyed in the 2007 Pulse study had debit cards potentially compromised in skimmers, and more than 80 percent of those surveyed reported implementing new fraud tools within the past year.

Even with the new fraud tools, stopping criminals from placing skimmers on your institution's ATMs require vigilance and monitoring by your employees.

#4. Phishing
#5. Vishing
#6. Insider Threat

Top Six Scams